From: Hooshang F
To: FreeBSD Net
Date: Fri, 14 Aug 2015 22:27:07 +0430
Subject: vlan+bridge questions

Hi,

We need to install a FreeBSD firewall (pf). The FreeBSD box needs to be placed in bridge mode in the middle of a VLAN trunk link between 2 Cisco switches. The em0 and em1 ports are connected to the trunk ports on the 2 switches.

We are going to:
1- Define two vlan interfaces for vlan id X, one with em0 as parent and the other on top of em1.
2- Create a bridge interface.
3- Add the two vlan interfaces as members of the bridge.
4- Repeat 1-3 for every vlan id used in the network.

2 questions:
1- Isn't there a simpler method which does not involve creating so many vlans & bridges? For instance, is it possible to have a trunk interface which accepts 'all' vlan IDs (like Cisco) instead of creating two vlan interfaces per ID?
2- How should the untagged traffic be bridged? Cisco switches send out packets untagged if the vlan ID is equal to the trunk port 'native' vlan id. To bridge these packets, we should create a bridge with em0 and em1 as members, but that will effectively disable bridging on vlan interfaces. Right?

Thanks in advance.
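
Steps 1-4 of the message, written out as an added example that is not part of the original post: a shell function that prints the ifconfig commands for one bridge per VLAN ID so they can be reviewed before being run. The function names, the bridge<ID> naming and the sample IDs are assumptions; em0 and em1 are the ports named in the message.

```shell
#!/bin/sh
# Added example: prints, and does not execute, the ifconfig commands for
# steps 1-4. em0/em1 come from the message; everything else is assumed.
PARENT_A=em0
PARENT_B=em1

# valid_vid ID: accept only decimal 802.1Q VLAN IDs in the range 1..4094
valid_vid() {
    case "$1" in
        ''|*[!0-9]*|0*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# gen_vlan_bridge ID...: emit the commands for every VLAN ID given.
# All IDs are checked first so a bad list produces no partial output.
gen_vlan_bridge() {
    seen=" "
    for vid in "$@"; do
        if ! valid_vid "$vid"; then
            echo "invalid VLAN ID: $vid" >&2
            return 1
        fi
        case "$seen" in
            *" $vid "*)
                echo "duplicate VLAN ID: $vid" >&2
                return 1 ;;
        esac
        seen="$seen$vid "
    done

    # The parent ports must be up for their vlan children to pass frames.
    echo "ifconfig ${PARENT_A} up"
    echo "ifconfig ${PARENT_B} up"

    for vid in "$@"; do
        # Step 1: one vlan interface per parent for this ID
        echo "ifconfig ${PARENT_A}.${vid} create vlan ${vid} vlandev ${PARENT_A} up"
        echo "ifconfig ${PARENT_B}.${vid} create vlan ${vid} vlandev ${PARENT_B} up"
        # Step 2: a bridge for this ID (bridge<ID> naming is an assumption)
        echo "ifconfig bridge${vid} create"
        # Step 3: both vlan interfaces become members of that bridge
        echo "ifconfig bridge${vid} addm ${PARENT_A}.${vid} addm ${PARENT_B}.${vid} up"
    done
}
```

It covers tagged VLANs only; the untagged native-VLAN traffic from question 2 is not handled.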